Oracle 12.2 allows you to assign a different default operating system (OS) credential to each pluggable database (PDB), giving a greater degree of separation between the pluggable databases and therefore better control over security.
1234567891011121314151617181920212223242526
# groupadd -g 2000 cdb1_user
# useradd -g cdb1_user -u 2000 cdb1_user
# id cdb1_user
uid=2000(cdb1_user) gid=2000(cdb1_user) groups=2000(cdb1_user)
# passwd cdb1_user
# groupadd -g 1001 pdb1_user
# useradd -g pdb1_user -u 1001 pdb1_user
# id pdb1_user
uid=1001(pdb1_user) gid=1001(pdb1_user) groups=1001(pdb1_user)
# passwd pdb1_user
# groupadd -g 1002 pdb2_user
# useradd -g pdb2_user -u 1002 pdb2_user
# id pdb2_user
uid=1002(pdb2_user) gid=1002(pdb2_user) groups=1002(pdb2_user)
# passwd pdb2_user
# groupadd -g 1003 pdb3_user
# useradd -g pdb3_user -u 1003 pdb3_user
# id pdb3_user
uid=1003(pdb3_user) gid=1003(pdb3_user) groups=1003(pdb3_user)
# passwd pdb3_user1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
CONN / AS SYSDBA
-- CDB Credential (Default for all PDBs)
BEGIN
DBMS_CREDENTIAL.create_credential(
credential_name => 'cdb1_user_cred',
username => 'cdb1_user',
password => 'cdb1_user');
END;
/
-- PDB1 Credential
BEGIN
DBMS_CREDENTIAL.create_credential(
credential_name => 'pdb1_user_cred',
username => 'pdb1_user',
password => 'pdb1_user');
END;
/
-- PDB2 Credential
BEGIN
DBMS_CREDENTIAL.create_credential(
credential_name => 'pdb2_user_cred',
username => 'pdb2_user',
password => 'pdb2_user');
END;
/
-- PDB1 Credential
BEGIN
DBMS_CREDENTIAL.create_credential(
credential_name => 'pdb3_user_cred',
username => 'pdb3_user',
password => 'pdb3_user');
END;
/
COLUMN owner FORMAT A30
COLUMN credential_name FORMAT A30
SELECT con_id, owner, credential_name
FROM cdb_credentials
ORDER BY 1, 2, 3;
CON_ID OWNER CREDENTIAL_NAME
---------- ------------------------------ ------------------------------
1 SYS CDB1_USER_CRED
1 SYS PDB1_USER_CRED
1 SYS PDB2_USER_CRED
1 SYS PDB3_USER_CRED
SQL>12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
CONN / AS SYSDBA
ALTER SYSTEM SET PDB_OS_CREDENTIAL=cdb1_user_cred SCOPE=SPFILE;
SHUTDOWN IMMEDIATE;
STARTUP;
ERROR at line 1:
ORA-32017: failure in updating SPFILE
ORA-65046: operation not allowed from outside a pluggable database
CONN / AS SYSDBA
SHUTDOWN IMMEDIATE;
CREATE PFILE='/tmp/pfile.txt' FROM SPFILE;
HOST echo "*.pdb_os_credential=cdb1_user_cred" >> /tmp/pfile.txt
CREATE SPFILE FROM PFILE='/tmp/pfile.txt';
STARTUP;
SHOW PARAMETER PDB_OS_CREDENTIAL
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
pdb_os_credential string cdb1_user_cred
SQL>
CONN / AS SYSDBA
-- PDB1 Credential
ALTER SESSION SET CONTAINER=pdb1;
ALTER SYSTEM SET PDB_OS_CREDENTIAL=pdb1_user_cred SCOPE=SPFILE;
SHUTDOWN IMMEDIATE;
STARTUP;
SHOW PARAMETER PDB_OS_CREDENTIAL
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
pdb_os_credential string PDB1_USER_CRED
SQL>
-- PDB2 Credential
ALTER SESSION SET CONTAINER=pdb2;
ALTER SYSTEM SET PDB_OS_CREDENTIAL=pdb2_user_cred SCOPE=SPFILE;
SHUTDOWN IMMEDIATE;
STARTUP;
SHOW PARAMETER PDB_OS_CREDENTIAL
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
pdb_os_credential string PDB2_USER_CRED
SQL>
-- PDB3 Credential
ALTER SESSION SET CONTAINER=pdb3;
ALTER SYSTEM SET PDB_OS_CREDENTIAL=pdb3_user_cred SCOPE=SPFILE;
SHUTDOWN IMMEDIATE;
STARTUP;
SHOW PARAMETER PDB_OS_CREDENTIAL
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
pdb_os_credential string PDB3_USER_CRED
SQL>Please to add comments
No comments yet. Be the first to comment!